{"id":24751,"date":"2021-12-14T12:57:05","date_gmt":"2021-12-14T03:57:05","guid":{"rendered":"https:\/\/153.126.215.51\/info\/?p=24751"},"modified":"2024-07-10T11:41:52","modified_gmt":"2024-07-10T02:41:52","slug":"security20211214","status":"publish","type":"post","link":"https:\/\/groupsession.jp\/info\/info-news\/security20211214","title":{"rendered":"Apache Log4j \u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066(2021-12)"},"content":{"rendered":"

\u5f53\u793e\u88fd\u54c1\u3092\u3054\u611b\u9867\u3044\u305f\u3060\u304d\u307e\u3057\u3066\u3001\u8aa0\u306b\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3059\u3002
\nGroupSession\u3067\u4f7f\u7528\u3057\u3066\u3044\u308b\u30e9\u30a4\u30d6\u30e9\u30ea(Apache Log4j)\u306b\u3066\u4ee5\u4e0b\u8106\u5f31\u6027\u304c\u5224\u660e\u3044\u305f\u3057\u307e\u3057\u305f\u3002<\/p>\n

\u6700\u65b0\u7248ver5.1.3\u3078\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u3092\u3054\u691c\u8a0e\u3044\u305f\u3060\u3051\u307e\u3059\u3088\u3046\u304a\u9858\u3044\u7533\u3057\u4e0a\u3052\u307e\u3059\u3002
\n\u304a\u5ba2\u69d8\u306b\u5927\u5909\u3054\u8ff7\u60d1\u3092\u304a\u304b\u3051\u3057\u307e\u3059\u3053\u3068\u3092\u6df1\u304f\u304a\u8a6b\u3073\u7533\u3057\u4e0a\u3052\u307e\u3059\u3002\u4f55\u5352\u3054\u7406\u89e3\u3068\u3054\u5354\u529b\u3092\u8cdc\u308a\u307e\u3059\u3088\u3046\u304a\u9858\u3044\u7533\u3057\u4e0a\u3052\u307e\u3059\u3002<\/p>\n

 <\/p>\n

\u5f71\u97ff\u7bc4\u56f2<\/strong>
\nGroupSession \u7121\u6599\u7248 ver4.6.0 \u304b\u3089 ver5.1.2\u3088\u308a\u524d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3
\nGroupSession ZION ver4.6.0 \u304b\u3089 ver5.1.2\u3088\u308a\u524d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3
\n\u203bbyCloud\u306f12\u670813\u65e5\u306e\u7dca\u6025\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u3067\u5bfe\u5fdc\u6e08\u307f\u3067\u3059\u3002
\n\u203bZION\u30e6\u30fc\u30b6\u3078\u306f\u500b\u5225\u3067\u30e1\u30fc\u30eb\u306b\u3066\u6848\u5185\u6e08\u307f\u3067\u3059\u3002<\/p>\n

 <\/p>\n

\n\n\n\n\n
\u8106\u5f31\u6027\u306e\u8aac\u660e<\/strong><\/caption>\n
\u6982\u8981\u60c5\u5831<\/th>\n\u8106\u5f31\u6027\u304c\u3082\u305f\u3089\u3059\u8105\u5a01<\/th>\n<\/tr>\n
CWE-20<\/td>\n\u7b2c\u4e09\u8005\u304c\u7d30\u5de5\u3057\u305f\u30c7\u30fc\u30bf\u3092\u9001\u308b\u4e8b\u3067\u3001\u4efb\u610f\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3055\u308c\u308b\u53ef\u80fd\u6027<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

 <\/p>\n

\u5bfe\u51e6\u65b9\u6cd5<\/strong>
\n\u2460ver5.1.3\u4ee5\u964d\u3078\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u3092\u3057\u3066\u304f\u3060\u3055\u3044\u3002
\nGroupSession ver5.1.3\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\uff08\u7121\u6599\u7248\uff09<\/a><\/p>\n

\u8ffd\u8a18 2021.12.15 11:30<\/strong><\/span>
\n\u2461\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u3067\u304d\u306a\u3044\u304a\u5ba2\u69d8\u5411\u3051
\nv4.6.0\u4ee5\u964d\u3067\u3042\u308c\u3070\u30e9\u30a4\u30d6\u30e9\u30ea\u30d5\u30a1\u30a4\u30eb\u3092\u7f6e\u304d\u63db\u3048\u308b\u306e\u307f\u3067\u5bfe\u5fdc\u53ef\u80fd\u3067\u3054\u3056\u3044\u307e\u3059\u3002<\/p>\n

\u30fb\u8ffd\u52a0\u30d1\u30c3\u30c1\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9
\nlog4j\u8ffd\u52a0\u30e9\u30a4\u30d6\u30e9\u30ea<\/a><\/p>\n

————-\u624b\u9806————–
\n1.Tomcat\u3092\u505c\u6b62\u3059\u308b
\n\u203b\u30b0\u30eb\u30fc\u30d7\u30a6\u30a7\u30a2\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u304f\u306a\u308a\u307e\u3059\u3002<\/p>\n

2.\u65e7\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u524a\u9664\u3059\u308b
\n\u30fb\u4e0b\u8a18\u306e\u30e9\u30a4\u30d6\u30e9\u30ea\u30d5\u30a9\u30eb\u30c0\u306b\u79fb\u52d5
\n{GSession\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u30d5\u30a9\u30eb\u30c0}\/gsession\/WEB-INF\/lib\/
\n\u4f8b\uff09C:\\Program Files\\Apache Software Foundation\\Tomcat 9.0\\webapps<\/p>\n

\u30fb\u524a\u9664\u30d5\u30a1\u30a4\u30eb
\nlog4j-api-2.14.0.jar
\nlog4j-core-2.14.0.jar
\nlog4j-jcl-2.14.0.jar
\nlog4j-slf4j-impl-2.14.0.jar
\nlog4j-web-2.14.0.jar
\n\u203b\u524a\u9664\u30d5\u30a1\u30a4\u30eb\u306f2.14.0\u30682.3\u306e\u5834\u5408\u304c\u3054\u3056\u3044\u307e\u3059\u3002<\/p>\n

3.\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u30e9\u30a4\u30d6\u30e9\u30ea\u30d5\u30a9\u30eb\u30c0\u306b\u8ffd\u52a0\u3059\u308b
\n\u30fb\u8ffd\u52a0\u30d5\u30a1\u30a4\u30eb
\nlog4j-api-2.15.0.jar
\nlog4j-core-2.15.0.jar
\nlog4j-jcl-2.15.0.jar
\nlog4j-slf4j-impl-2.15.0.jar
\nlog4j-web-2.15.0.jar<\/p>\n

4.Tomcat\u3092\u8d77\u52d5\u3059\u308b<\/p>\n

 <\/p>\n

\u304a\u554f\u3044\u5408\u308f\u305b\u7a93\u53e3<\/strong>
\nGroupSession\u30b5\u30dd\u30fc\u30c8
\n\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\uff1agsession@sjts.co.jp
\n\u53d7\u4ed8\u6642\u9593\uff1a9:00 \u2013 18:00<\/p>\n

 <\/p>\n

\u53c2\u8003\u60c5\u5831<\/strong>\uff1aApache Log4j \u306e\u8106\u5f31\u6027\u5bfe\u7b56\u306b\u3064\u3044\u3066(CVE-2021-44228)
\nhttps:\/\/www.ipa.go.jp\/security\/ciadr\/vul\/alert20211213.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

\u5f53\u793e\u88fd\u54c1\u3092\u3054\u611b\u9867\u3044\u305f\u3060\u304d\u307e\u3057\u3066\u3001\u8aa0\u306b\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3059\u3002 GroupSession\u3067\u4f7f\u7528\u3057\u3066\u3044\u308b\u30e9\u30a4\u30d6\u30e9\u30ea(Apache Log4j)\u306b\u3066\u4ee5\u4e0b\u8106\u5f31\u6027\u304c\u5224\u660e\u3044\u305f\u3057\u307e\u3057\u305f\u3002 \u6700\u65b0\u7248ver5.1.3\u3078\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u3092\u3054\u691c […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/groupsession.jp\/info\/wp-json\/wp\/v2\/posts\/24751"}],"collection":[{"href":"https:\/\/groupsession.jp\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/groupsession.jp\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/groupsession.jp\/info\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/groupsession.jp\/info\/wp-json\/wp\/v2\/comments?post=24751"}],"version-history":[{"count":1,"href":"https:\/\/groupsession.jp\/info\/wp-json\/wp\/v2\/posts\/24751\/revisions"}],"predecessor-version":[{"id":50068,"href":"https:\/\/groupsession.jp\/info\/wp-json\/wp\/v2\/posts\/24751\/revisions\/50068"}],"wp:attachment":[{"href":"https:\/\/groupsession.jp\/info\/wp-json\/wp\/v2\/media?parent=24751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/groupsession.jp\/info\/wp-json\/wp\/v2\/categories?post=24751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/groupsession.jp\/info\/wp-json\/wp\/v2\/tags?post=24751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}